Database Security Suite Makes Tracking More Granular

An update of Guardium's software adds new assessment, access policy control and auditing capabilities, as well as applications to help companies track compliance with regulations such as Sarbanes-Oxley.

Guardium Inc., a maker of relational database security software, is putting new assessment, access policy control, auditing and regulatory compliance applications into an update, the company plans to announce Monday.

SQL Guard Security Suite is designed to offer real-time, continuous protection of databases. The three new applications are SQL HealthGuard, SQL PolicyGuard and SQL AuditGuard.

The first monitors, measures and reports on database security using what the company describes as a graphical security health report card in a dashboard view that can double as a portal for status reports.

Database health is gauged by comparison with prebuilt security attributes that can be customized with user-created metrics. Results are displayed in actionable, real-time and historical graphs.

The Client Server Access Map capability tracks client-server interaction and draws a graphical representation of such interactions. The map's components include Database Server, Application Server and Network Connection and can be clicked on for high-level or drill-down analysis.

The SQL PolicyGuard module has auto-baselining and real-time, policy-based access control capabilities. These are used to develop database access rules and to enable database access control. The auto-baselining capability automatically correlates database access data to create access baselines or rules. Users can set real-time, policy-based alerts using their own access rules, a particular baseline or SQL Guard's preconfigured best practices.

The SQL AuditGuard module monitors database access and is designed to streamline auditing and regulatory compliance reporting by eliminating the need to slog through database logs. Such a capability should help enterprises track compliance with regulations such as Sarbanes-Oxley, GLBA, HIPAA or SB 1386, for example.

Noel Yuhanna, an analyst with Forrester Research Inc., in Santa Clara, Calif., said Guardium is doing a good job expanding its platform in order to offer the tracking granularity required by such regulations.

"They're expanding to provide an integrated solution for more secure environments to do auditing of the entire environment," he said. "This definitely helps in Sarbanes-Oxley requirements, where you need to know who accessed what data, when it was changed and by whom. It gives you a granular analysis of such data access."

The update's previous iteration is being used by the director of network services at a major New England media firm who requested that his name and company name be withheld. He said that from the network security perspective, Guardium's platform is a blessing, since it provides checks and balances between the DBAs (database administrators) who are primarily responsible for enforcement of database security and the network administrators who guard the perimeter of an enterprise.

"What Guardium does, it divorces two entities," he said. "It ensures that one entity will do what it says it's doing. As an example: Out of the box, you don't use the default, vendor-provided password. You can say, 'Hey, DBA, did you change that?' They could say yes or no. But … you can monitor that from the network perspective; you can ensure what he or she said is being performed and done."

That's essential for any company that falls under the rules of Sarbanes-Oxley, the network services director pointed out, since the regulation stipulates that an enterprise provide such checks and balances.
